From fed3da9f0335da9cc9b3b90a2e146cb9866e1ebc Mon Sep 17 00:00:00 2001 From: Ville Juven Date: Thu, 5 Dec 2024 12:17:04 +0200 Subject: [PATCH] mm_grantable.c: Fix infinite loop due to memory fragmentation The search algorithm does not work with the ctz approach at all, if there is a free range of granules that does not fit a specific allocation (i.e. the granule allocation is fragmented) it will cause an infinite loop as the algorithm will try to find free space from the same (free) starting granule, causing an infinite loop. The clz approach works for all cases, it will find the last used granule and the search will continue from the next free granule. Also, offsetting a full GAT must be sizeof(gat[0] - 1), which is 31 in this case. The reason is that the upper level search function increments the value by +1. --- mm/mm_gran/mm_grantable.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/mm/mm_gran/mm_grantable.c b/mm/mm_gran/mm_grantable.c index 609c962f9c..ef3642bdad 100644 --- a/mm/mm_gran/mm_grantable.c +++ b/mm/mm_gran/mm_grantable.c @@ -232,21 +232,7 @@ failure: { /* Handle full GAT quickly */ - tmp = 32; - } - else if (c == r.sidx) - { - /* offset of first unused when matching for free */ - - v = ~v; -#ifdef CONFIG_HAVE_BUILTIN_CTZ - tmp = __builtin_ctz(v); -#else - tmp = (uint32_t)((lsb_mask(v)) * DEBRUJIN_NUM) >> 27; - DEBUGASSERT(tmp < sizeof(DEBRUJIN_LUT)); - tmp = DEBRUJIN_LUT[tmp]; -#endif - tmp = tmp - 1; /* Ok, because v >= 1 */ + tmp = 31; } else {
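Review bot: the replacement `tmp = 31;` under `/* Handle full GAT quickly */` carries an off-by-one contract that is now documented only in the commit message (the upper-level caller adds 1 to resume from the next granule); state it at the site, e.g. `tmp = 31; /* last granule of this GAT word; caller resumes at tmp + 1 */`, or use a named constant for "bits per GAT entry minus one" instead of the bare literal, since the old `32` was wrong for exactly this reason. Two follow-ups worth checking before merge: the deleted `else if (c == r.sidx)` branch was the only use in this hunk of `lsb_mask()`, `DEBRUJIN_NUM`, `DEBRUJIN_LUT` and `CONFIG_HAVE_BUILTIN_CTZ`, so confirm they are still referenced elsewhere in the file or remove them as dead code; and since the commit message says the clz path works for all cases, a full word (v == 0xffffffff) should already yield 31 from the remaining `else` branch, in which case the fast path is an optimisation only and its comment should say so.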
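The failure the commit message describes, reproduced in a small stand-alone model as an added example; this is not NuttX's mm_grantable.c code. It assumes a GCC/Clang compiler for __builtin_clz/__builtin_ctz (the patch itself uses __builtin_ctz under CONFIG_HAVE_BUILTIN_CTZ), models the granule allocation table as an array of uint32_t words with a set bit meaning "used", and the names gran_search, last_used, first_free_minus_one, demo_fragmented and demo_cross_word are mine. The buggy resume rule mirrors the removed branch (first free granule minus one, with the caller adding one); the fixed rule takes the last used granule from clz, and the full-word shortcut returns 31 as in the patch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GAT_BITS  32u     /* granules tracked per GAT word (uint32_t) */
#define MAX_ITERS 10000u  /* loop guard so the buggy variant still returns */

/* How the resume point is chosen after a range fails to match (hypothetical). */
enum resume_how { RESUME_CTZ_BUG, RESUME_CLZ };

/* Constructed setup: mark granules [start, start + n) as used. */
static void gat_mark(uint32_t *gat, unsigned start, unsigned n)
{
  for (unsigned g = start; g < start + n; g++)
    gat[g / GAT_BITS] |= 1u << (g % GAT_BITS);
}

/* Fixed rule: offset (0..31) of the last used granule in v, v != 0.
 * A full word gives 31, the value the patch hard-codes for its shortcut. */
static unsigned last_used(uint32_t v)
{
  if (v == 0xffffffffu)
    return GAT_BITS - 1;
  return GAT_BITS - 1 - (unsigned)__builtin_clz(v);
}

/* Buggy rule (the removed branch): first free granule at or above lo,
 * minus one so that the caller's +1 lands exactly on it. */
static int first_free_minus_one(uint32_t v, unsigned lo)
{
  uint32_t free_bits = ~v & (0xffffffffu << lo);
  if (free_bits == 0)
    return (int)GAT_BITS - 1;     /* nothing free above lo: treat as full */
  return (int)__builtin_ctz(free_bits) - 1;
}

/* Look for ngran contiguous free granules in a table of nwords words.
 * Returns the first granule of a fit, -1 if nothing fits, or -2 if the
 * guard tripped because the search stopped making progress. */
static int gran_search(const uint32_t *gat, unsigned nwords, unsigned ngran,
                       enum resume_how how)
{
  unsigned total = nwords * GAT_BITS;
  unsigned start = 0;

  for (unsigned iter = 0; iter < MAX_ITERS; iter++)
    {
      if (start + ngran > total)
        return -1;

      unsigned end  = start + ngran;             /* exclusive */
      unsigned sidx = start / GAT_BITS;
      unsigned eidx = (end - 1) / GAT_BITS;
      bool failed = false;
      int where = 0;

      for (unsigned c = sidx; c <= eidx; c++)
        {
          /* Keep only the bits of word c that fall inside [start, end). */
          unsigned lo = (c == sidx) ? start % GAT_BITS : 0;
          unsigned hi = (c == eidx) ? (end - 1) % GAT_BITS + 1 : GAT_BITS;
          uint32_t mask = (hi == GAT_BITS ? 0xffffffffu : (1u << hi) - 1)
                          & (0xffffffffu << lo);
          uint32_t v = gat[c] & mask;

          if (v == 0)
            continue;                            /* word is free in range */

          if (how == RESUME_CTZ_BUG && c == sidx)
            where = (int)(c * GAT_BITS) + first_free_minus_one(v, lo);
          else
            where = (int)(c * GAT_BITS + last_used(v));
          failed = true;
          break;
        }

      if (!failed)
        return (int)start;

      start = (unsigned)(where + 1);             /* the caller's +1 */
    }

  return -2;
}

/* Commit-message case: granules 4..7 used, 0..3 free but too small for 8. */
int demo_fragmented(enum resume_how how)
{
  uint32_t gat[1] = { 0 };
  gat_mark(gat, 4, 4);
  return gran_search(gat, 1, 8, how);
}

/* Used run 0..33 crossing a word boundary; word 0 is completely full. */
int demo_cross_word(unsigned ngran, enum resume_how how)
{
  uint32_t gat[2] = { 0, 0 };
  gat_mark(gat, 0, 34);
  return gran_search(gat, 2, ngran, how);
}

int main(void)
{
  printf("fragmented, ctz rule: %d\n", demo_fragmented(RESUME_CTZ_BUG));  /* -2 */
  printf("fragmented, clz rule: %d\n", demo_fragmented(RESUME_CLZ));      /* 8 */
  printf("cross-word 8, clz rule: %d\n", demo_cross_word(8, RESUME_CLZ));  /* 34 */
  printf("cross-word 36, clz rule: %d\n", demo_cross_word(36, RESUME_CLZ)); /* -1 */
  return 0;
}
```

The ctz rule only misbehaves when the first granule of the requested range is free and a later granule in the same word is used: "first free minus one" then points one below the current start, the caller's +1 brings the search back to the same start, and the loop never advances (demo_fragmented trips the guard). When the range starts on a used granule the rule happens to coincide with the last used granule of that run, which is why demo_cross_word succeeds under both rules and the bug only shows up once the table is fragmented. The clz rule always resumes past a used granule inside the range, so progress is guaranteed, and for a full word it yields the same 31 as the patched shortcut.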